<?PHP
 //error_reporting( 0 );
// the security header which should be included in al memberpaga's
// first we include the configuration file which contains the database data
// also it will connect to the database.

// tell we want to work with sessions
session_start();

// WE NEED TO CHECK IF THE SESSION REALLY EXISTS IF NOT KICK
if (empty($_SESSION["sesid"])) { header ("Location: ../login.php?do=m&e=24"); die();}

include($_SESSION["set_bpath"] . "/config.php");

function md6encode($content,$lock) {

	for ($i = 1; $i <= $lock; $i++) {
    	$content = base64_encode($content);
	}
	
	return $content;
}

function dropdown( $name, array $options, $selected=null )
{
    /*** begin the select ***/
    $dropdown = "<select name='".$name."' id='".$name."' class='input_form'>";

    $selected = $selected;
    /*** loop over the options ***/
    foreach( $options as $key=>$option )
    {
        /*** assign a selected value ***/
        $select = $selected==$key ? " SELECTED" : null;

        /*** add each option to the dropdown ***/
        $dropdown .= "<option value='$key' ".$select.">".$option."</option>";
    }

    /*** close the select ***/
    $dropdown .= "</select>";

    /*** and return the completed dropdown ***/
    return $dropdown;
}
/***** BEFORE WE START WORKING WITH THE SESSION LEST GET SOME VARIABLES FROM THE URL ******/

if(isset($_GET["show"])) {
    $show = $_GET["show"];
}
if(isset($_GET["go"])) {
    $go = $_GET["go"];
}
if(isset($_GET["act"])) {
    $act = $_GET["act"];
}
if(isset($_GET["view"])) {
    $view = $_GET["view"];
}
if(isset($_GET["logid"])) {
    $logid = $_GET["logid"];
}
if(isset($_GET["modid"])) {
    $modid = $_GET["modid"];
}
if(isset($_GET["cid"])) {
    $cid = $_GET["cid"];
}

if(isset($_POST["sq"])) {
    $sqPost = $_POST["sq"];
}
if(isset($_GET["sq"])) {
    $sqGet = $_GET["sq"];
}
$sq = $sqPost . $sqGet;



/************************************** END **********************************************/


/* ************** LETS GET SOME INFO ABOUT LOGGED IN USER **************************** */
// GET USER INFO

$userInfo = SignupService::getInstance()->getUserInfo($DBprefix,@$_SESSION[user_name],@$_SESSION[user_pass]);
$info_user_id = $userInfo->getId();
$info_user_name = $userInfo->getUsername();
$info_user_fname = $userInfo->getFname();
$info_user_lname = $userInfo->getLname();
$info_user_phone = $userInfo->getPhone();
$info_user_email = $userInfo->getEmail();
$info_user_level = $userInfo->getLevel();
$info_user_adddate = $userInfo->getAddDate();
$info_user_lastlogin = $userInfo->getLastLogin();
$info_user_logindns = $userInfo->getLoginDns();
$info_user_loginfail = $userInfo->getLoginFail();

if ($conf_timeout != 0 AND $info_user_level > 0 AND $info_user_level < 4) {
        $info_user_set_timeout = $conf_timeout;
} else {
        $info_user_set_timeout = $userInfo->getSetTimeout();
}

$opt_logout_time = $info_user_set_timeout;


// GET LOG INFO
$userLog = LogService::getInstance()->getUserLog($DBprefix,$info_user_id,$_SESSION["sesid"]);
$log_id = $userLog->getId();
$log_ip = $userLog->getIp();
$log_date = $userLog->getDate();
$log_status = $userLog->getStatus();
$log_sesexp = $userLog->getSesExp();
$log_sesid = $userLog->getSesId();



/* ***********************************    END    ************************************* */




// LETS GET THE USER RANK
if ($info_user_level < 0){
	$info_user_rank = "ADMIN";}
else {	$info_user_rank = @$ranks[$info_user_level]; }



/* ****************************** BEGINNING ****************************************** */
/* *************   EXECUTING LOG FILE TO SEE WHAT EVERYONE IS DOING  ***************** */
/* *********************************************************************************** */
// TEST STRING FOR ACCESS: $access_pagesid :: $access_pagesname :: $access_pagesperm <-- $access_status --> $access_userid :: $access_pageid :: $access_permission = $accesspage_info

// LETS CHECK IF ONLY CERTAIN USERS HAVE ACCESS TO THIS PAGE
$accessPageInfo = AccessPageService::getInstance()->getAccessPages($DBprefix,$show);
$access_pagesid = $accessPageInfo->getId();
$access_pagesname = $accessPageInfo->getName();
$access_pagesperm = $accessPageInfo->getPerm();
$access_pagessub= $accessPageInfo->getSub();


// LETS CHECK IF THE USER HAS PERMISSION TO VIEW THIS PAGE

$accessInfo = AccessService::getInstance()->getAccess($DBprefix,$info_user_id,$access_pagesid);
$access_userid = $accessInfo->getUserId();
$access_pageid = $accessInfo->getPageId();
$access_permission = $accessInfo->getPermission();

// WE NEED TO CHECK IF THERE IS A SUB PAGE SPECIFIED AND THAT USER MIGHT HAVE ACCESS
$accessPagesSub = AccessPageService::getInstance()->getAccessPagesSub($DBprefix,$access_pagesname,$view);
$access_pagesperm = $accessPagesSub->getPerm(); 

if (!empty($accessPageInfo) || $accessPageInfo!=null) {
    
    if ($access_pagesperm == 1 AND empty($access_permission) AND $info_user_level < 5 OR $access_permission == 1 AND $info_user_level < 5) {

        $insertLog = new Log();
        $insertLog->setAction('ACCESS_DENIED');
        $insertLog->setUserId($info_user_id);
        $insertLog->setPageTo($info_current_url);
        $insertLog->setPageFrom($info_reffered_url);
        $insertLog->setIp($info_ipaddr);
        $insertLog->setDate($timedate);
        $insertLog->setStatus('ACTIVE');
        $insertLog->setSesId($log_sesid);

        $update_log = LogService::getInstance()->add($DBprefix,$insertLog);

        if ($info_reffered_url == "in.php") {
            $return_url = "$info_reffered_url?e=1"; 
        } 
        else { 
            $return_url = "$info_reffered_url&e=1"; 
        }
        
        header("Location: $return_url");

    } else if ($access_permission == 1 AND $access_pagesperm == 1 AND $info_user_level < 5) {

        $insertLog = new Log();
        $insertLog->setAction('ACCESS_DENIED');
        $insertLog->setUserId($info_user_id);
        $insertLog->setPageTo($info_current_url);
        $insertLog->setPageFrom($info_reffered_url);
        $insertLog->setIp($info_ipaddr);
        $insertLog->setDate($timedate);
        $insertLog->setStatus('ACTIVE');
        $insertLog->setSesId($log_sesid);

        $update_log = LogService::getInstance()->add($DBprefix,$insertLog);

        header("Location: in.php?e=1#2");

    } else { $access_status = "GOOD TO GO1"; }

    } else { $access_status = "GOOD TO GO2"; }


if ($log_sesexp <= $timedate OR $log_status == "EXPIRED") { 
	
	header ("Location: logoff.php?m=$cFile");
	
} else if ($log_sesid == $_SESSION["sesid"]) {

$new_sesexp = $timedate + $opt_logout_time;

$insertLog = new Log();
$insertLog->setAction('VIEW');
$insertLog->setUserId($info_user_id);
$insertLog->setPageTo($info_current_url);
$insertLog->setPageFrom($info_reffered_url);
$insertLog->setDate($timedate);
$insertLog->setStatus('ACTIVE');
$insertLog->setSesId($log_sesid);

LogService::getInstance()->add($DBprefix,$insertLog);

$updateLog = LogService::getInstance()->find($DBprefix,$info_user_id,$log_sesid,'LOGIN',$log_sesexp);
$updateLog->setSesExp($new_sesexp);
LogService::getInstance()->save($DBprefix,$updateLog);

} else {

header ("Location: ../../index.php?e=ERROR_LOGGING");

}



/* *********************************************************************************** */
/* *************   EXECUTING LOG FILE TO SEE WHAT EVERYONE IS DOING  ***************** */
/* ********************************* END ********************************************* */





?>